1 /* 2 * Copyright (c) 2022-2024, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 8 #ifndef __CONFIG_PROFILE_MEDIUM_H__ 9 #define __CONFIG_PROFILE_MEDIUM_H__ 10 11 /* Platform Partition Configs */ 12 13 /* Size of input buffer in platform service */ 14 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE 15 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64 16 #endif 17 18 /* Size of output buffer in platform service */ 19 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 20 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64 21 #endif 22 23 /* The stack size of the Platform Secure Partition */ 24 #ifndef PLATFORM_SP_STACK_SIZE 25 #define PLATFORM_SP_STACK_SIZE 0x500 26 #endif 27 28 /* Disable Non-volatile counter module */ 29 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED 30 #define PLATFORM_NV_COUNTER_MODULE_DISABLED 0 31 #endif 32 33 /* Crypto Partition Configs */ 34 35 /* 36 * Heap size for the crypto backend. This is statically allocated 37 * inside the Crypto service and used as heap through the default 38 * Mbed TLS allocator 39 */ 40 #ifndef CRYPTO_ENGINE_BUF_SIZE 41 #define CRYPTO_ENGINE_BUF_SIZE 0x2080 42 #endif 43 44 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto */ 45 #ifndef CRYPTO_CONC_OPER_NUM 46 #define CRYPTO_CONC_OPER_NUM 8 47 #endif 48 49 /* Enable PSA Crypto random number generator module */ 50 #ifndef CRYPTO_RNG_MODULE_ENABLED 51 #define CRYPTO_RNG_MODULE_ENABLED 1 52 #endif 53 54 /* Enable PSA Crypto Key module */ 55 #ifndef CRYPTO_KEY_MODULE_ENABLED 56 #define CRYPTO_KEY_MODULE_ENABLED 1 57 #endif 58 59 /* Enable PSA Crypto AEAD module */ 60 #ifndef CRYPTO_AEAD_MODULE_ENABLED 61 #define CRYPTO_AEAD_MODULE_ENABLED 1 62 #endif 63 64 /* Enable PSA Crypto MAC module */ 65 #ifndef CRYPTO_MAC_MODULE_ENABLED 66 #define CRYPTO_MAC_MODULE_ENABLED 1 67 #endif 68 69 /* Enable PSA Crypto Hash module */ 70 #ifndef CRYPTO_HASH_MODULE_ENABLED 71 #define CRYPTO_HASH_MODULE_ENABLED 1 72 #endif 73 74 /* Enable PSA Crypto Cipher module */ 75 #ifndef CRYPTO_CIPHER_MODULE_ENABLED 76 #define CRYPTO_CIPHER_MODULE_ENABLED 0 77 #endif 78 79 /* Enable PSA Crypto asymmetric key signature module */ 80 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED 81 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1 82 #endif 83 84 /* Enable PSA Crypto asymmetric key encryption module */ 85 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 86 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 0 87 #endif 88 89 /* Enable PSA Crypto key derivation module */ 90 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED 91 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1 92 #endif 93 94 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations */ 95 #ifndef CRYPTO_IOVEC_BUFFER_SIZE 96 #define CRYPTO_IOVEC_BUFFER_SIZE 5120 97 #endif 98 99 /* Use stored NV seed to provide entropy */ 100 #ifndef CRYPTO_NV_SEED 101 #define CRYPTO_NV_SEED 1 102 #endif 103 104 /* Use external RNG to provide entropy */ 105 #ifndef CRYPTO_EXT_RNG 106 #define CRYPTO_EXT_RNG 0 107 #endif 108 109 /* 110 * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers, 111 * to optimize memory footprint in resource-constrained devices. 112 */ 113 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED 114 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0 115 #endif 116 117 /* 118 * The service assumes that the client interface and internal 119 * interface towards the library that provides the PSA Crypto 120 * core component maintain the same ABI. This is not the default 121 * when using the Mbed TLS reference implementation 122 */ 123 #ifndef CRYPTO_LIBRARY_ABI_COMPAT 124 #define CRYPTO_LIBRARY_ABI_COMPAT (0) 125 #endif 126 127 /* The stack size of the Crypto Secure Partition */ 128 #ifndef CRYPTO_STACK_SIZE 129 #define CRYPTO_STACK_SIZE 0x1800 130 #endif 131 132 /* FWU Partition Configs */ 133 134 /* Size of the FWU internal data transfer buffer */ 135 #ifndef TFM_FWU_BUF_SIZE 136 #define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE 137 #endif 138 139 /* The stack size of the Firmware Update Secure Partition */ 140 #ifndef FWU_STACK_SIZE 141 #define FWU_STACK_SIZE 0x600 142 #endif 143 144 /* Attest Partition Configs */ 145 146 /* Include optional claims in initial attestation token */ 147 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS 148 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0 149 #endif 150 151 /* Include COSE key-id in initial attestation token */ 152 #ifndef ATTEST_INCLUDE_COSE_KEY_ID 153 #define ATTEST_INCLUDE_COSE_KEY_ID 0 154 #endif 155 156 /* The stack size of the Initial Attestation Secure Partition */ 157 #ifndef ATTEST_STACK_SIZE 158 #define ATTEST_STACK_SIZE 0x700 159 #endif 160 161 /* Set the initial attestation token profile */ 162 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \ 163 (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \ 164 (!ATTEST_TOKEN_PROFILE_ARM_CCA) 165 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1 166 #endif 167 168 /* ITS Partition Configs */ 169 170 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition */ 171 #ifndef ITS_CREATE_FLASH_LAYOUT 172 #define ITS_CREATE_FLASH_LAYOUT 1 173 #endif 174 175 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */ 176 #ifndef ITS_RAM_FS 177 #define ITS_RAM_FS 0 178 #endif 179 180 /* Validate filesystem metadata every time it is read from flash */ 181 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH 182 #define ITS_VALIDATE_METADATA_FROM_FLASH 1 183 #endif 184 185 /* The maximum asset size to be stored in the Internal Trusted Storage */ 186 #ifndef ITS_MAX_ASSET_SIZE 187 #define ITS_MAX_ASSET_SIZE 512 188 #endif 189 190 /* Size of the ITS internal data transfer buffer */ 191 #ifndef ITS_BUF_SIZE 192 #define ITS_BUF_SIZE 32 193 #endif 194 195 /* The maximum number of assets to be stored in the Internal Trusted Storage */ 196 #ifndef ITS_NUM_ASSETS 197 #define ITS_NUM_ASSETS 10 198 #endif 199 200 /* The stack size of the Internal Trusted Storage Secure Partition */ 201 #ifndef ITS_STACK_SIZE 202 #ifndef ITS_ENCRYPTION 203 #define ITS_STACK_SIZE 0x720 204 #else 205 #define ITS_STACK_SIZE 0xC00 206 #endif 207 #endif 208 209 /* PS Partition Configs */ 210 211 /* Create flash FS if it doesn't exist for Protected Storage partition */ 212 #ifndef PS_CREATE_FLASH_LAYOUT 213 #define PS_CREATE_FLASH_LAYOUT 1 214 #endif 215 216 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */ 217 #ifndef PS_RAM_FS 218 #define PS_RAM_FS 0 219 #endif 220 221 /* Enable rollback protection for Protected Storage partition */ 222 #ifndef PS_ROLLBACK_PROTECTION 223 #define PS_ROLLBACK_PROTECTION 1 224 #endif 225 226 /* Validate filesystem metadata every time it is read from flash */ 227 #ifndef PS_VALIDATE_METADATA_FROM_FLASH 228 #define PS_VALIDATE_METADATA_FROM_FLASH 1 229 #endif 230 231 /* The maximum asset size to be stored in the Protected Storage */ 232 #ifndef PS_MAX_ASSET_SIZE 233 #define PS_MAX_ASSET_SIZE 2048 234 #endif 235 236 /* The maximum number of assets to be stored in the Protected Storage */ 237 #ifndef PS_NUM_ASSETS 238 #define PS_NUM_ASSETS 10 239 #endif 240 241 /* The stack size of the Protected Storage Secure Partition */ 242 #ifndef PS_STACK_SIZE 243 #define PS_STACK_SIZE 0x700 244 #endif 245 246 /* The stack size of the NS Agent Mailbox Secure Partition */ 247 #ifndef NS_AGENT_MAILBOX_STACK_SIZE 248 #define NS_AGENT_MAILBOX_STACK_SIZE 0x800 249 #endif 250 251 /* SPM Partition Configs */ 252 253 /* The maximal number of secure services that are connected or requested at the same time */ 254 #ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM 255 #define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8 256 #endif 257 258 /* Enable the doorbell APIs */ 259 #ifndef CONFIG_TFM_DOORBELL_API 260 #define CONFIG_TFM_DOORBELL_API 1 261 #endif 262 263 #endif /* __CONFIG_PROFILE_MEDIUM_H__ */ 264
